shibboleth-dev - RE: Continuing the cookie discussion...
Subject: Shibboleth Developers
List archive
- From: "Howard Gilbert" <>
- To: "'Walter Hoehn'" <>
- Cc: <>
- Subject: RE: Continuing the cookie discussion...
- Date: Thu, 16 Dec 2004 00:00:31 -0500
> Can't we just do some JNDI magic to allow the session data to span
> these contexts without re-directs?
We already have magic to allow the Session object (managed by the
/shibboleth context), to be available upon request to the Resource Managers.
The purpose of the cookie is not to carry the Session data, but only to
identify the session. Only the Browser can carry a token that identifies an
HTTP request with some existing server-side state. So again it becomes a
problem for cookies and their scope.
The purpose of the redirects is not to move the session data around. It is
to redirect the Browser from a URL scope where no cookie has been assigned
to a trusted, authoritative URL within the scope of a preexisting cookie.
There the cookie can be read, the identity of the Browser can be
established, and then the old Session ID can be extended to the new context
where a new cookie can be issued for it.
- Continuing the cookie discussion..., Scott Cantor, 12/13/2004
- RE: Continuing the cookie discussion..., Howard Gilbert, 12/13/2004
- RE: Continuing the cookie discussion..., Scott Cantor, 12/13/2004
- Re: Continuing the cookie discussion..., Walter Hoehn, 12/15/2004
- RE: Continuing the cookie discussion..., Howard Gilbert, 12/16/2004
- Re: Continuing the cookie discussion..., Tom Scavo, 12/17/2004
- RE: Continuing the cookie discussion..., Howard Gilbert, 12/18/2004
- RE: Continuing the cookie discussion..., Jim Fox, 12/18/2004
- RE: Continuing the cookie discussion..., Scott Cantor, 12/18/2004
- RE: Continuing the cookie discussion..., Howard Gilbert, 12/18/2004
- RE: Continuing the cookie discussion..., Scott Cantor, 12/18/2004
- Re: Continuing the cookie discussion..., Tom Scavo, 12/19/2004
- RE: Continuing the cookie discussion..., Scott Cantor, 12/19/2004
- Re: Continuing the cookie discussion..., Tom Scavo, 12/19/2004
- RE: Continuing the cookie discussion..., Scott Cantor, 12/19/2004
- RE: Continuing the cookie discussion..., Howard Gilbert, 12/18/2004
- Re: Continuing the cookie discussion..., Tom Scavo, 12/17/2004
- RE: Continuing the cookie discussion..., Howard Gilbert, 12/16/2004
- RE: Continuing the cookie discussion..., Howard Gilbert, 12/13/2004
Archive powered by MHonArc 2.6.16.